We've been having an issue for the last few weeks on a relatively small network. The issue started when we swapped a specific Cisco 3750 for a 2960G (there were some other changes), exactly since then we now get the following notifications all day long:
019534: Feb 27 01:28:39: %SW_MATM-4-MACFLAP_NOTIF: Host 0016.3e64.98e2 in vlan 100 is flapping between port Gi0/22 and port Gi0/24
We get this on multiple mac addresses and multiple vlans, the above is the most common one we see (there are thousands per day).
The mac address in question is for a VM on a server, obviously the server does not move and is physically located on another switch directly connected to Gi0/24.
Gi0/22 is the uplink to the central router (there are other switches upstream, non if which are logging flaps), so the questions follows – how is this switch learning the VM's mac on Gi0/22 ?
Obviously the first thing was to eliminate a L2 loop, we have looked into this many times, rebuilding diagrams from scratch using both cdp and physical tracing and we absolutely cannot find a loop anywhere. Additionally, STP is not reporting any blocked paths, confirming that no loop has been detected.
Any help or tips on how to debug this would be greatly appreciated.
Best Answer
Hunt for an L2 loop or a software misbehaviour.
Start at 2960G/Gi0/22, and go to the upstream router let's say R1. Search on which port is the @MAC: 00:16:3e:64:98:e2, let's say R1/Gi0/7. Go to the network equipment connect on R1/Gi0/7, and go ahead until you reach the final port which says it sees this @MAC.
If this isn't a physical connection to the same machine,